Format: 1.8 Date: Thu, 18 Apr 2024 11:13:41 -0400 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Built-For-Profiles: noudeb Architecture: i386 Version: 2.4.58-1ubuntu8.1 Distribution: noble Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.58-1ubuntu8.1) noble-security; urgency=medium . * SECURITY UPDATE: HTTP response splitting - debian/patches/CVE-2023-38709.patch: header validation after content-* are eval'ed in modules/http/http_filters.c. - CVE-2023-38709 * SECURITY UPDATE: HTTP Response Splitting in multiple modules - debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for non-http handlers in include/util_script.h, modules/aaa/mod_authnz_fcgi.c, modules/generators/mod_cgi.c, modules/generators/mod_cgid.c, modules/http/http_filters.c, modules/proxy/ajp_header.c, modules/proxy/mod_proxy_fcgi.c, modules/proxy/mod_proxy_scgi.c, modules/proxy/mod_proxy_uwsgi.c. - CVE-2024-24795 * SECURITY UPDATE: HTTP/2 DoS by memory exhaustion on endless continuation frames - debian/patches/CVE-2024-27316.patch: bail after too many failed reads in modules/http2/h2_session.c, modules/http2/h2_stream.c, modules/http2/h2_stream.h. - CVE-2024-27316 Checksums-Sha1: 62f31fe06c897295adea2bc34aadccefdb451418 2778132 apache2-bin-dbgsym_2.4.58-1ubuntu8.1_i386.ddeb ba02bb70b8f6931ee459e3388ecdcd6be589f131 1440278 apache2-bin_2.4.58-1ubuntu8.1_i386.deb f037b47ff87a865caa8e6e1a77180770924a3027 199188 apache2-dev_2.4.58-1ubuntu8.1_i386.deb 512cc82fe6e48e021c6b1e6ec5fbeccc77f3435f 2984 apache2-ssl-dev_2.4.58-1ubuntu8.1_i386.deb dd5f3d34153fa0998a1e1b34bf1a73a46b0a2acd 11198 apache2-suexec-custom-dbgsym_2.4.58-1ubuntu8.1_i386.ddeb ffc9ab4126588487d4743b7ae9c7e07d52ef5b7a 16096 apache2-suexec-custom_2.4.58-1ubuntu8.1_i386.deb 8a0037cba141e04a68e09943cfc14e098ecb3159 10040 apache2-suexec-pristine-dbgsym_2.4.58-1ubuntu8.1_i386.ddeb ca46c3b5de987708541c98d49d099783fb206cd0 14438 apache2-suexec-pristine_2.4.58-1ubuntu8.1_i386.deb faf5e54cb0e615c4107b54006f2e40489fa41c5e 107786 apache2-utils-dbgsym_2.4.58-1ubuntu8.1_i386.ddeb af59afe978ae00657fa5f7048f8215baef0609de 100096 apache2-utils_2.4.58-1ubuntu8.1_i386.deb b56deb8b997290a9545969699c6f0474ef6d3cbb 12025 apache2_2.4.58-1ubuntu8.1_i386.buildinfo 51ff9d01dafa2a8ac55b9f5c8c4ecf8bd6a29548 90240 apache2_2.4.58-1ubuntu8.1_i386.deb 071fd963a388b144c996844b4257959b90a65687 800 libapache2-mod-md_2.4.58-1ubuntu8.1_i386.deb bb56c261ddb439ffcf7e29001e5813c82e2a1eaf 992 libapache2-mod-proxy-uwsgi_2.4.58-1ubuntu8.1_i386.deb Checksums-Sha256: 344ef1f7c538cad19d6a73a0fb275c7013ffb088e14b48d7839da65e36da521d 2778132 apache2-bin-dbgsym_2.4.58-1ubuntu8.1_i386.ddeb 34fe0b4f7ee20ad2f3626c1687508970bc77161fdd0d83e5d1bd3cd4e52e2062 1440278 apache2-bin_2.4.58-1ubuntu8.1_i386.deb 6e437ff2f52a694187b96777d3b175477039adf789063f68cc1d9d3880d4f6f9 199188 apache2-dev_2.4.58-1ubuntu8.1_i386.deb 2da254a7c7fbcb377de4b8a530afb101b33f253ce41cf1f5aa22fcc232750827 2984 apache2-ssl-dev_2.4.58-1ubuntu8.1_i386.deb c1cbda48961383dbd80639be15dc86c542b52ab765e088c181579b7d457a1de5 11198 apache2-suexec-custom-dbgsym_2.4.58-1ubuntu8.1_i386.ddeb afe330fbe533aff1a52060e03407d34ddb624f9f58335407451736e706927476 16096 apache2-suexec-custom_2.4.58-1ubuntu8.1_i386.deb 50f26c74941f0ffe664fa89a6114b09930be4387922f03b92e6e9c26d83c1c6c 10040 apache2-suexec-pristine-dbgsym_2.4.58-1ubuntu8.1_i386.ddeb 87945551c6aed8fd92e5b47d743ca38288aa2442fcd4988ef91f9528a6538d57 14438 apache2-suexec-pristine_2.4.58-1ubuntu8.1_i386.deb 77d60eae99d58c6e720ddc0af14090b0ca9a1feedcecce09ad64ee8b717f2324 107786 apache2-utils-dbgsym_2.4.58-1ubuntu8.1_i386.ddeb 0883ef48fe8ddd932eeea1f6ccebdd1b5c72b862e9b8bfe0c0160a7e8d4e8c42 100096 apache2-utils_2.4.58-1ubuntu8.1_i386.deb efe6393574c47e158645fa500b070b7afe0fd19b09c3f77b1aa20c17f65ef850 12025 apache2_2.4.58-1ubuntu8.1_i386.buildinfo 30b483028a67109813ab50f53bd4eba9cf05be0d1a5a3b14d12f59123ba02d1e 90240 apache2_2.4.58-1ubuntu8.1_i386.deb 704caf4d2ab868b3c8f6264aee68d88f425ae26a2deb9aec99f29a5c7cbc2908 800 libapache2-mod-md_2.4.58-1ubuntu8.1_i386.deb 630cf0c61d97984ddb57b3dd07c955f9a48183645011149811030e989280b79a 992 libapache2-mod-proxy-uwsgi_2.4.58-1ubuntu8.1_i386.deb Files: 3c4942caa2926aec49fdd6ea74e3b8ed 2778132 debug optional apache2-bin-dbgsym_2.4.58-1ubuntu8.1_i386.ddeb f5fef1725b881f455e9ae6972e324780 1440278 httpd optional apache2-bin_2.4.58-1ubuntu8.1_i386.deb d835480a0fc2cb43ce0a3c154c13aace 199188 httpd optional apache2-dev_2.4.58-1ubuntu8.1_i386.deb af25d65a28d498848b3c4671b9e8be33 2984 httpd optional apache2-ssl-dev_2.4.58-1ubuntu8.1_i386.deb 6fcc079d711b80a23565635d9ad2554b 11198 debug optional apache2-suexec-custom-dbgsym_2.4.58-1ubuntu8.1_i386.ddeb d15d4aa9bcca923d7ebd8be6cd6d250d 16096 httpd optional apache2-suexec-custom_2.4.58-1ubuntu8.1_i386.deb b0d3972d30c4c63591fe0b98c7552b3a 10040 debug optional apache2-suexec-pristine-dbgsym_2.4.58-1ubuntu8.1_i386.ddeb 5e8d748e3ddbb8bc805bf7d1a43b0463 14438 httpd optional apache2-suexec-pristine_2.4.58-1ubuntu8.1_i386.deb 675ac17966320e17100a3278180486bd 107786 debug optional apache2-utils-dbgsym_2.4.58-1ubuntu8.1_i386.ddeb b189e254dac96dd0b85c9a4b80552bb0 100096 httpd optional apache2-utils_2.4.58-1ubuntu8.1_i386.deb 3b12e4115f76f621bc22aa2129a3b3de 12025 httpd optional apache2_2.4.58-1ubuntu8.1_i386.buildinfo c69939a0e37ed5dd980d00db8d7240a5 90240 httpd optional apache2_2.4.58-1ubuntu8.1_i386.deb 7cd9f18d9f0bb4475243656acf9e7205 800 oldlibs optional libapache2-mod-md_2.4.58-1ubuntu8.1_i386.deb 144ae4fe05fdb9a1f8cb1e4f31bda0b1 992 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.58-1ubuntu8.1_i386.deb Original-Maintainer: Debian Apache Maintainers